Symantec Plugs Anti-virus Worm Hole in Record Time

WEBINAR:On-Demand

Less than 48 hours of the discovery of a high-risk worm hole in two enterprise-facing anti-virus products, Symantec ships patches and recommends workarounds.

Working feverishly through the holiday weekend, Symantec's security response team has completed patches for a "high-risk" worm hole in two enterprise-facing product lines.

The flaw, which could allow malicious hackers to take complete control of a system without any user action, was discovered and reported by eEye Digital Security 48 hours ago.

In an advisory posted May 27, Symantec described the issue as a stack overflow affecting the Symantec Client Security and Symantec AntiVirus Corporate Edition, two product suites targeted toward business and government customers.

"[It] could potentially allow a remote or local attacker to execute code on the affected machine," said Symantec, of Cupertino, Calif.

"Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with system-level rights on the affected system," it added.

The company's advisory is a confirmation of eEye's earlier warning that the flaw could lead to a self-propagating worm without any user action.

Affected products are the Symantec Client Security 3.0 and 3.1, and the Symantec Antivirus Corporate Edition 10.0 and 10.1. The consumer-facing Norton security suite is not susceptible to the vulnerability.

Symantec also released IDS (intrusion detection system) signatures to detect attempts to exploit the issue.

As best practice, Symantec "strongly recommends" that customers restrict access to administration or management systems to privileged users only, with additional restricted access to the physical host system or systems if possible.

"Keep all operating systems and applications updated with the latest vendor patches [and] follow a multilayered approach to security. Run both firewall and anti-virus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats," the company said.

Symantec urged customers to be cautious when visiting unknown or untrusted Web sites or following unknown URL links. "Do not open attachments or executables from unknown sources or that you didn't request or were unaware of. Always err on the side of caution. Even if the sender is known, the source address may be spoofed," it added.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.